 @@ -1,647 +1,650 @@
-.\"	$NetBSD: inetd.8,v 1.56 2009/10/24 12:23:47 reed Exp $
+.\"	$NetBSD: inetd.8,v 1.57 2011/04/25 22:12:05 wiz Exp $
 .\"
 .\" Copyright (c) 1998 The NetBSD Foundation, Inc.
 .\" All rights reserved.
 .\"
 .\" This code is derived from software contributed to The NetBSD Foundation
 .\" by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
 .\" NASA Ames Research Center.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
 .\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 .\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 .\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
 .\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 .\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 .\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 .\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 .\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 .\" POSSIBILITY OF SUCH DAMAGE.
 .\"
 .\" Copyright (c) 1985, 1991 The Regents of the University of California.
 .\" All rights reserved.
 .\"
 .\" Redistribution and use in source and binary forms, with or without
 .\" modification, are permitted provided that the following conditions
 .\" are met:
 .\" 1. Redistributions of source code must retain the above copyright
 .\"    notice, this list of conditions and the following disclaimer.
 .\" 2. Redistributions in binary form must reproduce the above copyright
 .\"    notice, this list of conditions and the following disclaimer in the
 .\"    documentation and/or other materials provided with the distribution.
 .\" 3. Neither the name of the University nor the names of its contributors
 .\"    may be used to endorse or promote products derived from this software
 .\"    without specific prior written permission.
 .\"
 .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 .\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
 .\"     from: @(#)inetd.8       8.4 (Berkeley) 6/1/94
 .\"
 .Dd August 27, 2008
 .Dt INETD 8
 .Os
 .Sh NAME
 .Nm inetd ,
 .Nm inetd.conf
 .Nd internet
 .Dq super-server
 .Sh SYNOPSIS
 .Nm
 .Op Fl d
 .Op Fl l
 .Op Ar configuration file
 .Sh DESCRIPTION
 .Nm
 should be run at boot time by
 .Pa /etc/rc
 (see
 .Xr rc 8 ) .
 It then opens sockets according to its configuration and listens
 for connections.
 When a connection is found on one of its sockets, it decides what
 service the socket corresponds to, and invokes a program to service
 the request.
 After the program is finished, it continues to listen on the socket
 (except in some cases which will be described below).
 Essentially,
 .Nm
 allows running one daemon to invoke several others,
 reducing load on the system.
 .Pp
 The options available for
 .Nm :
 .Bl -tag -width Ds
 .It Fl d
 Turns on debugging.
 .It Fl l
 Turns on libwrap connection logging.
 .El
 .Pp
 Upon execution,
 .Nm
 reads its configuration information from a configuration
 file which, by default, is
 .Pa /etc/inetd.conf .
 The path given for this configuration file must be absolute, unless
 the
 .Fl d
 option is also given on the command line.
 There must be an entry for each field of the configuration
 file, with entries for each field separated by a tab or
 a space.
 Comments are denoted by a ``#'' at the beginning of a line.
 There must be an entry for each field (except for one
 special case, described below).
 The fields of the configuration file are as follows:
 .Pp
 .Bd -unfilled -offset indent -compact
 [addr:]service-name
 socket-type[:accept_filter]
 protocol[,sndbuf=size][,rcvbuf=size]
 wait/nowait[:max]
 user[:group]
 server-program
 server program arguments
 .Ed
 .Pp
 To specify an
 .Em Sun-RPC
 based service, the entry would contain these fields:
 .Pp
 .Bd -unfilled -offset indent -compact
 service-name/version
 socket-type
 rpc/protocol[,sndbuf=size][,rcvbuf=size]
 wait/nowait[:max]
 user[:group]
 server-program
 server program arguments
 .Ed
 .Pp
 To specify a UNIX-domain (local) socket, the entry would contain
 these fields:
 .Pp
 .Bd -unfilled -offset indent -compact
 path
 socket-type
 unix[,sndbuf=size][,rcvbuf=size]
 wait/nowait[:max]
 user[:group]
 server-program
 server program arguments
 .Ed
 .Pp
 For Internet services, the first field of the line may also have a host
 address specifier prefixed to it, separated from the service name by a colon.
 If this is done, the string before the colon in the first field
 indicates what local address
 .Nm
 should use when listening for that service, or the single character
 .Dq \&*
 to indicate
 .Dv INADDR_ANY ,
 meaning
 .Sq all local addresses .
 To avoid repeating an address that occurs frequently, a line with a
 host address specifier and colon, but no further fields, causes the
 host address specifier to be remembered and used for all further lines
 with no explicit host specifier (until another such line or the end of
 the file).
 A line
 .Dl *:
 is implicitly provided at the top of the file; thus, traditional
 configuration files (which have no host address specifiers) will be
 interpreted in the traditional manner, with all services listened for
 on all local addresses.
 .Pp
 The
 .Em service-name
 entry is the name of a valid service in
 the file
 .Pa /etc/services .
 For
 .Dq internal
 services (discussed below), the service
 name
 .Em must
 be the official name of the service (that is, the first entry in
 .Pa /etc/services ) .
 When used to specify a
 .Em Sun-RPC
 based service, this field is a valid RPC service name in
 the file
 .Pa /etc/rpc .
 The part on the right of the
 .Dq /
 is the RPC version number.
 This can simply be a single numeric argument or a range of versions.
 A range is bounded by the low version to the high version \-
 .Dq rusers/1-3 .
 .Pp
 The
 .Em socket-type
 should be one of
 .Dq stream ,
 .Dq dgram ,
 .Dq raw ,
 .Dq rdm ,
 or
 .Dq seqpacket ,
 depending on whether the socket is a stream, datagram, raw,
 reliably delivered message, or sequenced packet socket.
 .Pp
 Optionally, an
 .Xr accept_filter 9
 can be specified by appending a colon to the socket-type, followed by
 the name of the desired accept filter.
 In this case
 .Nm
 will not see new connections for the specified service until the accept
 filter decides they are ready to be handled.
 .Pp
 The
 .Em protocol
 must be a valid protocol as given in
 .Pa /etc/protocols
 or the string
 .Dq unix .
 Examples might be
 .Dq tcp
 and
 .Dq udp .
 Rpc based services are specified with the
 .Dq rpc/tcp
 or
 .Dq rpc/udp
 service type.
 .Dq tcp
 and
 .Dq udp
 will be recognized as
 .Dq TCP or UDP over default IP version .
 It is currently IPv4, but in the future it will be IPv6.
 If you need to specify IPv4 or IPv6 explicitly, use something like
 .Dq tcp4
 or
 .Dq udp6 .
 If you would like to enable special support for
 .Xr faithd 8 ,
 prepend a keyword
 .Dq faith
 into
 .Em protocol ,
 like
 .Dq faith/tcp6 .
 .Pp
 In addition to the protocol, the configuration file may specify the
 send and receive socket buffer sizes for the listening socket.
 This is especially useful for
 .Tn TCP
 as the window scale factor, which is based on the receive socket
 buffer size, is advertised when the connection handshake occurs,
 thus the socket buffer size for the server must be set on the listen socket.
 By increasing the socket buffer sizes, better
 .Tn TCP
 performance may be realized in some situations.
 The socket buffer sizes are specified by appending their values to
 the protocol specification as follows:
 .Bd -literal -offset indent
 tcp,rcvbuf=16384
 tcp,sndbuf=64k
 tcp,rcvbuf=64k,sndbuf=1m
 .Ed
 .Pp
 A literal value may be specified, or modified using
 .Sq k
 to indicate kilobytes or
 .Sq m
 to indicate megabytes.
 Socket buffer sizes may be specified for all
 services and protocols except for tcpmux services.
 .Pp
 The
 .Em wait/nowait
 entry is used to tell
 .Nm
 if it should wait for the server program to return,
 or continue processing connections on the socket.
 If a datagram server connects
 to its peer, freeing the socket so
 .Nm
 can receive further messages on the socket, it is said to be
+a
 .Dq multi-threaded
 server, and should use the
 .Dq nowait
 entry.
 For datagram servers which process all incoming datagrams
 on a socket and eventually time out, the server is said to be
 .Dq single-threaded
 and should use a
 .Dq wait
 entry.
 .Xr comsat 8
 .Pq Xr biff 1
 and
 .Xr ntalkd 8
 are both examples of the latter type of
 datagram server.
 .Xr tftpd 8
 is an exception; it is a datagram server that establishes pseudo-connections.
 It must be listed as
 .Dq wait
 in order to avoid a race;
 the server reads the first packet, creates a new socket,
 and then forks and exits to allow
 .Nm
 to check for new service requests to spawn new servers.
 The optional
 .Dq max
 suffix (separated from
 .Dq wait
 or
 .Dq nowait
 by a dot or a colon) specifies the maximum number of server instances that may
 be spawned from
 .Nm
 within an interval of 60 seconds.
 When omitted,
 .Dq max
 defaults to 40.
 If it reaches this maximum spawn rate,
 .Nm
-will log the problem (via the syslogger using the LOG_DAEMON
+will log the problem (via the syslogger using the
-facility and LOG_ERR level)
+.Dv LOG_DAEMON
 facility and
 .Dv LOG_ERR
 level)
 and stop handling the specific service for ten minutes.
 .Pp
 Stream servers are usually marked as
 .Dq nowait
 but if a single server process is to handle multiple connections, it may be
 marked as
 .Dq wait .
 The master socket will then be passed as fd 0 to the server, which will then
 need to accept the incoming connection.
 The server should eventually time
 out and exit when no more connections are active.
 .Nm
 will continue to
 listen on the master socket for connections, so the server should not close
 it when it exits.
 .Xr identd 8
 is usually the only stream server marked as wait.
 .Pp
 The
 .Em user
 entry should contain the user name of the user as whom the server should run.
 This allows for servers to be given less permission than root.
 Optionally, a group can be specified by appending a colon to the user name,
 followed by the group name (it is possible to use a dot (``.'') in lieu of a
 colon, however this feature is provided only for backward compatibility).
 This allows for servers to run with a different (primary) group id than
 specified in the password file.
 If a group is specified and
 .Em user
 is not root, the supplementary groups associated with that user will still be
 set.
 .Pp
 The
 .Em server-program
 entry should contain the pathname of the program which is to be
 executed by
 .Nm
 when a request is found on its socket.
 If
 .Nm
 provides this service internally, this entry should
 be
 .Dq internal .
 .Pp
 The
 .Em server program arguments
 should be just as arguments
 normally are, starting with argv[0], which is the name of
 the program.
 If the service is provided internally, the
 word
 .Dq internal
 should take the place of this entry.
 It is possible to quote an argument using either single or double quotes.
 This allows you to have, e.g., spaces in paths and parameters.
 .Ss Internal Services
 .Nm
 provides several
 .Qq trivial
 services internally by use of routines within itself.
 These services are
 .Qq echo ,
 .Qq discard ,
 .Qq chargen
 (character generator),
 .Qq daytime
 (human readable time), and
 .Qq time
 (machine readable time,
 in the form of the number of seconds since midnight, January 1, 1900 GMT).
 For details of these services, consult the appropriate
 .Tn RFC .
 .Pp
 TCP services without official port numbers can be handled with the
 RFC1078-based tcpmux internal service.
 TCPmux listens on port 1 for requests.
 When a connection is made from a foreign host, the service name
 requested is passed to TCPmux, which performs a lookup in the
 service name table provided by
 .Pa /etc/inetd.conf
 and returns the proper entry for the service.
 TCPmux returns a negative reply if the service doesn't exist,
 otherwise the invoked server is expected to return the positive
 reply if the service type in
 .Pa /etc/inetd.conf
 file has the prefix
 .Qq tcpmux/ .
 If the service type has the
 prefix
 .Qq tcpmux/+ ,
 TCPmux will return the positive reply for the
 process; this is for compatibility with older server code, and also
 allows you to invoke programs that use stdin/stdout without putting any
 special server code in them.
 Services that use TCPmux are
 .Qq nowait
 because they do not have a well-known port number and hence cannot listen
 for new requests.
 .Pp
 .Nm
 rereads its configuration file when it receives a hangup signal,
 .Dv SIGHUP .
 Services may be added, deleted or modified when the configuration file
 is reread.
 .Nm
 creates a file
 .Em /var/run/inetd.pid
 that contains its process identifier.
 .Ss libwrap
 Support for
 .Tn TCP
 wrappers is included with
 .Nm
 to provide internal tcpd-like access control functionality.
 An external tcpd program is not needed.
 You do not need to change the
 .Pa /etc/inetd.conf
 server-program entry to enable this capability.
 .Nm
 uses
 .Pa /etc/hosts.allow
 and
 .Pa /etc/hosts.deny
 for access control facility configurations, as described in
 .Xr hosts_access 5 .
 .Pp
 .Em Nota Bene :
 .Tn TCP
 wrappers do not affect/restrict
 .Tn UDP
 or internal services.
 .Ss IPsec
 The implementation includes a tiny hack to support IPsec policy settings for
 each socket.
 A special form of the comment line, starting with
 .Dq Li "#@" ,
 is used as a policy specifier.
 The content of the above comment line will be treated as a IPsec policy string,
 as described in
 .Xr ipsec_set_policy 3 .
 Multiple IPsec policy strings may be specified by using a semicolon
 as a separator.
 If conflicting policy strings are found in a single line,
 the last string will take effect.
+A
 .Li "#@"
 line affects all of the following lines in
 .Pa /etc/inetd.conf ,
 so you may want to reset the IPsec policy by using a comment line containing
 only
 .Li "#@"
 .Pq with no policy string .
 .Pp
 If an invalid IPsec policy string appears in
 .Pa /etc/inetd.conf ,
 .Nm
 logs an error message using
 .Xr syslog 3
 and terminates itself.
 .Ss IPv6 TCP/UDP behavior
 If you wish to run a server for both IPv4 and IPv6 traffic,
 you will need to run two separate processes for the same server program,
 specified as two separate lines in
 .Pa /etc/inetd.conf
 using
 .Dq tcp4
 and
 .Dq tcp6
 respectively.
 Plain
 .Dq tcp
 means TCP on top of the current default IP version,
 which is, at this moment, IPv4.
 .Pp
 Under various combination of IPv4/v6 daemon settings,
 .Nm
 will behave as follows:
 .Bl -bullet -compact
 .It
 If you have only one server on
 .Dq tcp4 ,
 IPv4 traffic will be routed to the server.
 IPv6 traffic will not be accepted.
 .It
 If you have two servers on
 .Dq tcp4
 and
 .Dq tcp6 ,
 IPv4 traffic will be routed to the server on
 .Dq tcp4 ,
 and IPv6 traffic will go to server on
 .Dq tcp6 .
 .It
 If you have only one server on
 .Dq tcp6 ,
 only IPv6 traffic will be routed to the server.
 The kernel may route to the server IPv4 traffic as well,
 under certain configuration.
 See
 .Xr ip6 4
 for details.
 .El
 .Sh FILES
 .Bl -tag -width /etc/hosts.allow -compact
 .It Pa /etc/inetd.conf
 configuration file for all
 .Nm
 provided services
 .It Pa /etc/services
 service name to protocol and port number mappings.
 .It Pa /etc/protocols
 protocol name to protocol number mappings
 .It Pa /etc/rpc
 .Tn Sun-RPC
 service name to service number mappings.
 .It Pa /etc/hosts.allow
 explicit remote host access list.
 .It Pa /etc/hosts.deny
 explicit remote host denial of service list.
 .El
 .Sh SEE ALSO
 .Xr hosts_access 5 ,
 .Xr hosts_options 5 ,
 .Xr protocols 5 ,
 .Xr rpc 5 ,
 .Xr services 5 ,
 .Xr comsat 8 ,
 .Xr fingerd 8 ,
 .Xr ftpd 8 ,
 .Xr rexecd 8 ,
 .Xr rlogind 8 ,
 .Xr rshd 8 ,
 .Xr telnetd 8 ,
 .Xr tftpd 8
 .Rs
 .%A J. Postel
 .%R RFC
 .%N 862
 .%D May 1983
 .%T "Echo Protocol"
 .Re
 .Rs
 .%A J. Postel
 .%R RFC
 .%N 863
 .%D May 1983
 .%T "Discard Protocol"
 .Re
 .Rs
 .%A J. Postel
 .%R RFC
 .%N 864
 .%D May 1983
 .%T "Character Generator Protocol"
 .Re
 .Rs
 .%A J. Postel
 .%R RFC
 .%N 867
 .%D May 1983
 .%T "Daytime Protocol"
 .Re
 .Rs
 .%A J. Postel
 .%A K. Harrenstien
 .%R RFC
 .%N 868
 .%D May 1983
 .%T "Time Protocol"
 .Re
 .Rs
 .%A M. Lottor
 .%R RFC
 .%N 1078
 .%D November 1988
 .%T "TCP port service Multiplexer (TCPMUX)"
 .Re
 .Sh HISTORY
 The
 .Nm
 command appeared in
 .Bx 4.3 .
 Support for
 .Em Sun-RPC
 based services is modeled after that
 provided by SunOS 4.1.
 Support for specifying the socket buffer sizes was added in
 .Nx 1.4 .
 In November 1996, libwrap support was added to provide
 internal tcpd-like access control functionality;
 libwrap is based on Wietse Venema's tcp_wrappers.
 IPv6 support and IPsec hack was made by KAME project, in 1999.
 .Sh BUGS
 Host address specifiers, while they make conceptual sense for RPC
 services, do not work entirely correctly.
 This is largely because the portmapper interface does not provide
 a way to register different ports for the same service on different
 local addresses.
 Provided you never have more than one entry for a given RPC service,
 everything should work correctly (Note that default host address
 specifiers do apply to RPC lines with no explicit specifier.)
 .Pp
 .Dq tcpmux
 on IPv6 is not tested enough.
 .Sh SECURITY CONSIDERATIONS
 Enabling the
 .Dq echo ,
 .Dq discard ,
 and
 .Dq chargen
 built-in trivial services is not recommended because remote
 users may abuse these to cause a denial of network service to
 or from the local host.